Aeglis API Reference
Welcome to the Aeglis API documentation. The Aeglis API allows you to embed enterprise-grade malware, phishing, and zero-day threat detection directly into your applications.
Our hybrid engine uses a waterfall architecture: it cross-references distributed threat caches instantly, and if the payload is unknown, it triggers a deep autopsy powered by the Aeglis dedicated AI intelligence core.
https://api.aeglis.com/v3
Authentication
Authenticate your API requests by including your secret API key in the Authorization header of every request. You can generate and manage your API keys from the Developer Dashboard.
Authorization: Bearer sk_live_YOUR_SECRET_KEY
⚠️ Warning: Your API keys carry many privileges. Do not share your secret API keys in publicly accessible areas such as GitHub, client-side code, or frontend JavaScript.
Rate Limits
Rate limits are applied based on your current subscription plan. If you exceed your monthly quota, the API will respond with a 429 Too Many Requests error.
| Plan | Requests / Month | Concurrency Limit |
|---|---|---|
| Free API | 100 | 1 req/sec |
| Startup API | 10,000 | 5 req/sec |
| Enterprise API | 50,000 | 25 req/sec |
Scan Text & URLs
This is a synchronous, high-speed endpoint. Use this to instantly sanitize user messages, chat logs, or individual URLs. It checks caches, global databases, and AI models in real-time (<100ms latency on cache hits).
Example Request
curl -X POST https://api.aeglis.com/v3/api/scan \ -H "Authorization: Bearer sk_live_your_key" \ -H "Content-Type: application/json" \ -d '{ "input_text": "Claim your free airdrop here: http://crypto-scam.xyz", "user_id": "usr_8923" }'
import requests url = "https://api.aeglis.com/v3/api/scan" payload = { "input_text": "Claim your free airdrop here: http://crypto-scam.xyz", "user_id": "usr_8923" } headers = { "Authorization": "Bearer sk_live_your_key", "Content-Type": "application/json" } response = requests.post(url, json=payload, headers=headers) print(response.json())
const fetch = require('node-fetch'); const url = 'https://api.aeglis.com/v3/api/scan'; const options = { method: 'POST', headers: { 'Authorization': 'Bearer sk_live_your_key', 'Content-Type': 'application/json' }, body: JSON.stringify({ input_text: 'Claim your free airdrop here: http://crypto-scam.xyz', user_id: 'usr_8923' }) }; fetch(url, options) .then(res => res.json()) .then(json => console.log(json)) .catch(err => console.error('error:', err));
<?php $ch = curl_init(); curl_setopt($ch, CURLOPT_URL, "https://api.aeglis.com/v3/api/scan"); curl_setopt($ch, CURLOPT_POST, TRUE); curl_setopt($ch, CURLOPT_RETURNTRANSFER, TRUE); $headers = [ "Authorization: Bearer sk_live_your_key", "Content-Type: application/json" ]; curl_setopt($ch, CURLOPT_HTTPHEADER, $headers); $data = [ "input_text" => "Claim your free airdrop here: http://crypto-scam.xyz", "user_id" => "usr_8923" ]; curl_setopt($ch, CURLOPT_POSTFIELDS, json_encode($data)); $response = curl_exec($ch); curl_close($ch); echo $response; ?>
Example Response
{ "status": "success", "data": { "risk_level": "DANGER", "reason": "Context AI match: Known phishing domain and social engineering attempt detected." } }
Deep File Autopsy
This endpoint handles complex files (PDFs, APKs, Images). Because decompiling an APK or extracting JS from a PDF can take a few seconds, this is an asynchronous endpoint. It immediately returns a 202 Accepted status, and dispatches the final result to your configured Webhook.
Example Request
curl -X POST https://api.aeglis.com/v3/api/deep-scan \ -H "Authorization: Bearer sk_live_your_key" \ -F "file=@/path/to/kyc_document.pdf" \ -F "input_text=User uploaded KYC doc."
import requests url = "https://api.aeglis.com/v3/api/deep-scan" headers = {"Authorization": "Bearer sk_live_your_key"} with open("kyc_document.pdf", "rb") as f: files = {"file": f} data = {"input_text": "User uploaded KYC doc."} response = requests.post(url, headers=headers, files=files, data=data) print(response.json())
const fetch = require('node-fetch'); const fs = require('fs'); const FormData = require('form-data'); const form = new FormData(); form.append('file', fs.createReadStream('kyc_document.pdf')); form.append('input_text', 'User uploaded KYC doc.'); fetch('https://api.aeglis.com/v3/api/deep-scan', { method: 'POST', headers: { 'Authorization': 'Bearer sk_live_your_key', ...form.getHeaders() }, body: form }).then(res => res.json()).then(json => console.log(json));
<?php $ch = curl_init(); $cfile = new CURLFile('kyc_document.pdf', 'application/pdf', 'kyc_document.pdf'); $data = ['file' => $cfile, 'input_text' => 'User uploaded KYC doc.']; curl_setopt($ch, CURLOPT_URL, "https://api.aeglis.com/v3/api/deep-scan"); curl_setopt($ch, CURLOPT_POST, TRUE); curl_setopt($ch, CURLOPT_POSTFIELDS, $data); curl_setopt($ch, CURLOPT_RETURNTRANSFER, TRUE); curl_setopt($ch, CURLOPT_HTTPHEADER, ["Authorization: Bearer sk_live_your_key"]); $response = curl_exec($ch); curl_close($ch); echo $response; ?>
Initial Response (Immediate)
{ "status": "processing", "message": "File accepted. Result will be dispatched to your Webhook." }
Webhooks Setup
When a background Deep Scan finishes, Aeglis sends an HTTP POST request to your configured Webhook URL. You can set this URL and obtain your Webhook Secret in the Developer Dashboard.
Webhook Payload Example
{ "event": "scan.completed", "timestamp": 1712419200, "data": { "risk_level": "DANGER", "reason": "Hidden Javascript Execution Block found inside PDF.", "file": "kyc_document.pdf" } }
Verify Signatures (HMAC)
To ensure the webhook was actually sent by Aeglis and not a malicious actor, every webhook includes a Aeglis-Signature header. The signature is generated using HMAC-SHA256 with your Webhook Secret.
Compute the HMAC of the raw request body using your secret, and compare it to the header.
const crypto = require('crypto'); const express = require('express'); const app = express(); // Important: We need the raw body to verify the signature exactly app.post('/webhook', express.raw({type: 'application/json'}), (req, res) => { const signature = req.headers['aeglis-signature']; const secret = process.env.AEGLIS_WEBHOOK_SECRET; const expectedSignature = 'v1=' + crypto .createHmac('sha256', secret) .update(req.body) .digest('hex'); if (crypto.timingSafeEqual(Buffer.from(signature), Buffer.from(expectedSignature))) { const payload = JSON.parse(req.body); console.log("Valid Webhook received:", payload.data.risk_level); res.status(200).send("OK"); } else { res.status(401).send("Invalid signature"); } });
import hmac import hashlib import json from fastapi import FastAPI, Request, Header, HTTPException app = FastAPI() @app.post("/webhook") async def aeglis_webhook(request: Request, aeglis_signature: str = Header(None)): secret = b"whsec_your_secret" body = await request.body() expected_sig = "v1=" + hmac.new(secret, body, hashlib.sha256).hexdigest() if not hmac.compare_digest(expected_sig, aeglis_signature): raise HTTPException(status_code=401, detail="Invalid signature") payload = json.loads(body) print("Webhook Valid:", payload['data']['risk_level']) return {"status": "OK"}
<?php $secret = 'whsec_your_secret'; $payload = file_get_contents('php://input'); $signature = $_SERVER['HTTP_AEGLIS_SIGNATURE'] ?? ''; $expected = 'v1=' . hash_hmac('sha256', $payload, $secret); if (hash_equals($expected, $signature)) { $data = json_decode($payload, true); echo "Webhook Valid: " . $data['data']['risk_level']; } else { http_response_code(401); echo "Invalid signature"; } ?>
Error Codes
Aeglis uses standard HTTP response codes to indicate the success or failure of an API request.
| Code | Meaning | Description |
|---|---|---|
200 | OK | The request was successful and the threat analysis is complete. |
202 | Accepted | The file is accepted and processing in the background (Deep Scan). |
400 | Bad Request | The request was unacceptable, often due to missing required parameters. |
401 | Unauthorized | No valid API key provided, or key is inactive. |
413 | Payload Too Large | The uploaded file exceeds the 50MB strict limit. |
429 | Too Many Requests | You have exceeded your concurrency limit. |
402 | Monthly Quota Exceeded | You have exceeded your monthly API quota limit. |
500 | Server Error | Something went wrong on Aeglis's end. (Rare) |
Node.js SDK
npm install aeglis-sdk
The Aeglis Node.js SDK provides a secure, lightweight wrapper around the Aeglis v3 Threat Intelligence API. It simplifies payload delivery, streaming file uploads, and handles enterprise-grade cryptographic webhook validation out of the box.
Installation
Install the package from the NPM registry. Requires Node.js 14 or higher.
npm install aeglis-sdk
yarn add aeglis-sdk
Initialization
Initialize the client using your secret API key generated from the Developer Dashboard. Store this key in environment variables and never expose it on the client-side.
const Aeglis = require('aeglis-sdk'); // Initialize the secure singleton instance // Always use environment variables — never hardcode your key const aeglis = new Aeglis(process.env.AEGLIS_API_KEY);
Quick Scan
Used for synchronous analysis of short text, URLs, and incoming messages. Ideal for real-time chat moderation or preprocessing input links before they are rendered to users.
Syntax
aeglis.scan(inputText, endUserId);Parameters
| Parameter | Type | Required | Description |
|---|---|---|---|
inputText | String | Yes | The raw text string or target URL to evaluate. |
endUserId | String | No | Internal reference ID of your end-user for behavioral telemetry tracking. Defaults to "anonymous". |
Example Request
async function handleIncomingMessage() { try { const response = await aeglis.scan( "Update your bank KYC immediately at http://secure-alert-update.in", "user_id_9982" ); console.log(response); } catch (error) { console.error(error.message); } }
{ "status": "success", "data": { "risk_level": "DANGER", "reason": "High-confidence bank phishing attempt targeting absolute credential extraction.", "type": "TEXT_PHISHING" } }
Deep File Scan
Triggers an asynchronous, memory-safe file decompression and autopsy inside a sandbox environment. This method operates on a fire-and-forget architecture — it returns an immediate acknowledgment and dispatches the final scanning report directly to your configured Webhook endpoint.
Syntax
aeglis.deepScan(filePath, options);Parameters
| Parameter | Type | Required | Description |
|---|---|---|---|
filePath | String | Yes | Absolute or relative system path to the target document — PDF, DOCX, or APK. Maximum allowed size: 50 MB. |
options.inputText | String | No | Accompanying contextual text or message associated with the file. |
options.endUserId | String | No | Your platform's unique identifier for this event. Returned inside the final webhook payload for stateless database mapping. |
Example Request
async function handleDocumentUpload() { try { const response = await aeglis.deepScan( './uploads/user_identity_proof.pdf', { inputText: "User profile onboarding document submission", endUserId: "document_reference_ref_5548" } ); console.log(response); } catch (error) { console.error(error.message); } }
{ "status": "processing", "message": "File accepted. Result will be dispatched to your webhook." }
Webhook Verification
When the deep processing engine finishes parsing your file, Aeglis triggers an outbound HTTP POST to your configured endpoint. The SDK validates the signature using HMAC SHA-256 with the v1= prefix scheme.
⚠️ Critical: Pass express.raw({ type: 'application/json' }) as middleware before your route handler. Using express.json() will automatically parse the body, mutating whitespace and causing signature verification to always fail. Always capture the raw payload buffer.
Webhook Payload Format
{ "risk_level": "DANGER", "reason": "Dormant executable sequence embedded within structural PDF tags discovered during disassembly.", "file": "user_identity_proof.pdf", "user_id": "document_reference_ref_5548" }
Express Production Implementation
const express = require('express'); const Aeglis = require('aeglis-sdk'); const app = express(); const aeglis = new Aeglis(process.env.AEGLIS_API_KEY); const WEBHOOK_SECRET = process.env.AEGLIS_WEBHOOK_SECRET; app.post( '/v1/security-callback', express.raw({ type: 'application/json' }), // Raw body — required (req, res) => { const signatureHeader = req.headers['aeglis-signature']; try { const event = aeglis.verifyWebhook(req.body, signatureHeader, WEBHOOK_SECRET); const entityReferenceId = event.data.user_id; if (event.data.risk_level === 'DANGER') { console.log(`Threat in ${event.data.file}. Quarantining ref: ${entityReferenceId}`); } else if (event.data.risk_level === 'SAFE') { console.log(`Ref ${entityReferenceId} verified clean. Committing to storage.`); } res.status(200).send('OK'); } catch (error) { console.error(`Signature verification failed: ${error.message}`); res.status(401).send('Unauthorized'); } } );
Error Handling
The SDK wraps lower-level Axios runtime anomalies into high-level, human-readable semantic error boundaries. Implement explicit defensive logic inside standard asynchronous catch blocks.
try { // Attempting execution with empty target parameters await aeglis.scan(""); } catch (error) { console.error(error.message); // Output: "Aeglis API Error: inputText is required for Quick Scan." }
Python SDK
pip install aeglis
The Aeglis Python SDK provides a secure, frictionless way to integrate the Aeglis v3 Threat Intelligence API into Django, FastAPI, Flask, or any Python-based infrastructure. The SDK natively handles multi-threaded streaming, asynchronous file processing, and cryptographic webhook verification out of the box.
Installation
Install the package from the Python Package Index. Requires Python 3.8 or higher.
pip install aeglis
Initialization
Initialize the client using your secret API key generated from the Developer Dashboard. Always store this key in environment variables and never commit it to version control.
from aeglis import Aeglis import os # Initialize the secure singleton instance # Always use environment variables — never hardcode your key client = Aeglis(api_key=os.environ["AEGLIS_API_KEY"])
Quick Scan
Used for synchronous analysis of short text, URLs, social media links, and incoming chat messages. Ideal for real-time moderation pipelines in Django, FastAPI, or Flask.
Syntax
client.scan(input_text, end_user_id)Parameters
| Parameter | Type | Required | Description |
|---|---|---|---|
input_text | str | Yes | The raw text string or target URL to evaluate. |
end_user_id | str | No | Your internal reference ID for the end-user, used for telemetry and tracking abuse. Defaults to "anonymous". |
Example Request
try: response = client.scan( input_text="Verify your account immediately: http://secure-verification-login.in", end_user_id="user_db_id_8874" ) print(response) except Exception as e: print(f"Scanning error occurred: {e}")
{ "status": "success", "data": { "risk_level": "DANGER", "reason": "High-confidence credential harvesting attempt impersonating a financial entity.", "type": "URL_PHISHING" } }
Deep File Scan
Triggers an asynchronous, memory-safe decompression and analysis of large files inside an isolated sandbox. This method uses a fire-and-forget architecture — it returns an immediate acknowledgment and dispatches the final forensic report to your configured Webhook URL once the scan concludes.
Syntax
client.deep_scan(file_path, input_text, end_user_id)Parameters
| Parameter | Type | Required | Description |
|---|---|---|---|
file_path | str | Yes | The absolute or relative system path to the target document — PDF, DOCX, or APK. Maximum size: 50 MB. |
input_text | str | No | Accompanying contextual text or message associated with the file. Improves analysis accuracy. |
end_user_id | str | No | Your platform's unique identifier for this document or event. This exact ID is returned inside the final webhook payload, enabling stateless database mapping. |
Example Request
try: response = client.deep_scan( file_path="./downloads/user_invoice.pdf", input_text="User submitted billing proof during KYC verification", end_user_id="invoice_ref_doc_9912" # Returned via webhook ) print(response) except Exception as e: print(f"Deep scan error: {e}")
{ "status": "processing", "message": "File accepted. Result will be dispatched to your webhook." }
Webhook Verification
When the deep processing engine finishes parsing the file, Aeglis dispatches an outbound HTTP POST request to your configured endpoint. The SDK seamlessly validates the cryptographic signature using HMAC SHA-256 to prevent spoofing.
from django.http import JsonResponse from django.views.decorators.csrf import csrf_exempt from aeglis import Aeglis, AeglisError import os client = Aeglis(api_key=os.environ.get("AEGLIS_API_KEY")) WEBHOOK_SECRET = os.environ.get("AEGLIS_WEBHOOK_SECRET") @csrf_exempt def aeglis_webhook(request): raw_payload = request.body # Capture raw bytes strictly signature = request.META.get("HTTP_X_AEGLIS_SIGNATURE") or request.META.get("HTTP_AEGLIS_SIGNATURE") try: event = client.verify_webhook( raw_payload=raw_payload, signature_header=signature, webhook_secret=WEBHOOK_SECRET ) # Extract parameters from the nested data wrapper event_data = event.get("data", {}) risk_level = event_data.get("risk_level") entity_ref = event_data.get("user_id") if risk_level == "DANGER": print(f"Threat detected. Quarantining ref: {entity_ref}") elif risk_level == "SAFE": print(f"Ref {entity_ref} verified clean.") return JsonResponse({"status": "processed"}) except AeglisError as e: print(f"Verification failed: {e}") return JsonResponse({"error": "Invalid signature"}, status=400)
from fastapi import FastAPI, Request, HTTPException from aeglis import Aeglis, AeglisError import os app = FastAPI() client = Aeglis(api_key=os.environ.get("AEGLIS_API_KEY")) WEBHOOK_SECRET = os.environ.get("AEGLIS_WEBHOOK_SECRET") @app.post("/webhook") async def aeglis_webhook(request: Request): raw_payload = await request.body() signature = request.headers.get("x-aeglis-signature") or request.headers.get("aeglis-signature") try: event = client.verify_webhook( raw_payload=raw_payload, signature_header=signature, webhook_secret=WEBHOOK_SECRET ) event_data = event.get("data", {}) risk_level = event_data.get("risk_level") entity_ref = event_data.get("user_id") if risk_level == "DANGER": print(f"Threat detected. Quarantining ref: {entity_ref}") elif risk_level == "SAFE": print(f"Ref {entity_ref} verified clean.") return {"status": "processed"} except AeglisError as e: print(f"Verification failed: {e}") raise HTTPException(status_code=400, detail="Invalid signature")
Error Handling
The SDK wraps lower-level API anomalies into granular, human-readable exceptions. Implement defensive logic using standard try-except blocks. Two exception types are raised: ValueError for client-side validation errors and AeglisError for server-side failures.
from aeglis import Aeglis, AeglisError import os client = Aeglis(api_key=os.environ["AEGLIS_API_KEY"]) try: client.scan(input_text="") # Empty string validation check except ValueError as e: print(f"Validation error: {e}") # Output: input_text is required. except AeglisError as e: print(f"Aeglis server error: {e}")